Dynamic business governance based on events

ABSTRACT

Provided is process, including: obtaining interaction-event records; determining, based on at least some of the interaction-event records, sets of event-risk scores, wherein: at least some respective event-risk scores are indicative of an effective of a respective risk ascribed by a first entity to a respective aspect of a second entity; and at least some respective event-risk scores are based on both: respective contributions of respective corresponding events to a subsequent event, and a risk ascribed to a subsequent event; and storing the sets of event-risk scores in memory.

CROSS-REFERENCE TO RELATED APPLICATIONS

This patent application is a continuation of U.S. Non-Provisionalapplication Ser. No. 16/510,840, filed 12 Jul. 2019, titled MONITORINGAND CONTROLLING CONTINUOUS STOCHASTIC PROCESSES BASED ON EVENTS IN TIMESERIES DATA, which claims the benefit of U.S. Provisional PatentApplication 62/698,769, filed 16 Jul. 2018, titled DYNAMIC RISK SCORINGBASED ON TIME SERIES DATA. U.S. Non-Provisional application Ser. No.16/510,840 is a continuation-in-part of U.S. patent application Ser. No.15/456,059, filed 10 Mar. 2017, titled BUSINESS ARTIFICIAL INTELLIGENCEMANAGEMENT ENGINE, and is a continuation-in-part of U.S. patentapplication Ser. No. 16/127,933, filed 11 Sep. 2018, titled MULTI-STAGEMACHINE-LEARNING MODELS TO CONTROL PATH-DEPENDENT PROCESSES. The entirecontent of each afore-listed earlier-filed application is herebyincorporated by reference for all purposes.

BACKGROUND 1. Field

The present disclosure relates to artificial intelligence (AI) and moreparticularly to machine learning used for monitoring or controllingcontinuous stochastic processes based on discrete samples and otherevents in time series data.

2. Description of the Related Art

Computation to assess the likelihood of undesirable probabilistic eventsarises in a variety of scenarios. Often, in industrial process controls,a process exhibits stochastic characteristics in which the current stateis only partially predictive, but not determinative of the state of theprocess in the future. Unpredictable events like the weather, randomvariation of aspects of inputs to the process, and the like, can lead tounpredictable outcomes, and often that unpredictability is magnifiedover time, particularly for complex systems in which the subsequentstate depends partially on the current or past state. Similar issuesarise in relation to predicting the likelihood of certain outcomes inother non-deterministic, complex systems, like the weather, the behaviorof individual human agents, and the behaviors of collections of humanagents. Due to incorrect assessments of such probabilities, oftenautomated systems designed to intervene in or otherwise control suchcomplex systems produce sub-optimal outputs, making undesirable outcomesmore likely than is desirable. These issues are often aggravated whenthe consequences of different types of outcomes significantly varying inthe amounts of influence on the outcome of a key performance metric forthe process or other system, e.g., a low-probability event with a largeeffect (like forcing a shutdown of the manufacturing process) maypresent a significant threat, despite the relatively low probability,and mis-assessment of that low-probability may lead to a larger rate ofoccurrence of such events than is desirable.

SUMMARY

The following is a non-exhaustive listing of some aspects of the presenttechniques. These and other aspects are described in the followingdisclosure.

Some aspects include a process, including: obtaining, with a computersystem, one or more out of plurality of datasets having a plurality ofinteraction-event records, wherein: the interaction-event recordsdescribe respective interaction events, the interaction-events areinteractions in which a first entity has experiences or obtains otherinformation pertaining to second entity, and at least some of theinteraction-event records are associated with respective risks by whichsequences of at least some of the interaction events relative to oneanother are ascertainable; determining, with the computer system, basedon at least some of the interaction-event records, sets of event-riskscores, the sets corresponding to at least some of the interactionevents, wherein: at least some respective event-risk scores areindicative of an effective of a respective risk ascribed by the firstentity to a respective aspect of the second entity; and at least somerespective event-risk scores are based on both: respective contributionsof respective corresponding events to a subsequent event in the one ormore out of the plurality of datasets, and a risk ascribed to asubsequent event in the one or more out of the plurality of datasets,the subsequent event occurring after the respective correspondingevents; and storing, with the computer system, the sets of event-riskscores in memory.

Some aspects include a tangible, non-transitory, machine-readable mediumstoring instructions that when executed by a data processing apparatuscause the data processing apparatus to perform operations including theabove-mentioned process.

Some aspects include a system, including: one or more processors; andmemory storing instructions that when executed by the processors causethe processors to effectuate operations of the above-mentioned process.

BRIEF DESCRIPTION OF THE DRAWINGS

The above-mentioned aspects and other aspects of the present techniqueswill be better understood when the present application is read in viewof the following figures in which like numbers indicate similar oridentical elements:

FIG. 1 is a logical architecture block diagram of an example continuousstochastic process controller and its computing environment inaccordance with some embodiments of the present techniques;

FIG. 2 is a flow chart of a process executed by the continuousstochastic process controller in accordance with some embodiments of thepresent techniques;

FIG. 3 illustrates an example of a data model of including aninteraction-event record operated upon by the continuous stochasticprocess controller in accordance with some embodiments of the presenttechniques; and

FIG. 4 is an example of a computing device upon which the presenttechniques may be implemented.

While the present techniques are susceptible to various modificationsand alternative forms, specific embodiments thereof are shown by way ofexample in the drawings and will herein be described in detail. Thedrawings may not be to scale. It should be understood, however, that thedrawings and detailed description thereto are not intended to limit thepresent techniques to the particular form disclosed, but to thecontrary, the intention is to cover all modifications, equivalents, andalternatives falling within the spirit and scope of the presenttechniques as defined by the appended claims.

DETAILED DESCRIPTION OF CERTAIN EMBODIMENTS

To mitigate the problems described herein, the inventors had to bothinvent solutions and, in some cases just as importantly, recognizeproblems overlooked (or not yet foreseen) by others in the field ofmachine learning. Indeed, the inventors wish to emphasize the difficultyof recognizing those problems that are nascent and will become much moreapparent in the future should trends in industry continue as theinventors expect. Further, because multiple problems are addressed, itshould be understood that some embodiments are problem-specific, and notall embodiments address every problem with traditional systems describedherein or provide every benefit described herein. That said,improvements that solve various permutations of these problems aredescribed below.

Computation to assess the likelihood of undesirable probabilistic eventsarises in a variety of scenarios. Variation of process outcomes inmanufacturing processes (like variation within some range of dimensionaltolerances) are often dependent, in part, on earlier states of theprocess, while still exhibiting an element of randomness. Similarly, inorder to better manage risk at financial or obituary-impactedinstitutions such as insurance companies, wealth management companies,banks, credit unions, credit card companies and the like, they oftenmust include risk computations at a deeper level in their organizations.This also applies to computer and office equipment leasing companies,phone companies selling wireless plans or devices on installment plans.Existing computational techniques, however, generally afford atemporally discrete signal (e.g., a score at the outset of arelationship) and fail to update estimated likelihoods of probabilisticevents on an ongoing basis. The present techniques are described belowwith reference to risk assessment in the context of behavior of humanagents, but it should be emphasized that the present techniques are notdirected to methods of organizing human activities, like economicarrangements. Rather, such use cases are merely one practicalapplication of the type of computational techniques described herein.

Managing risk as a continuous variable or signal provides the advantageof managing risk as a journey similar to customer journeys described inpatent applications U.S. patent application Ser. No. 15/456,059, thecontents of which are hereby incorporated by reference. Using thisapproach, in some embodiments, risk is no longer a static factor, incontrast to some traditional approaches such as a credit score or FICOscore. Risk (e.g., a likelihood of an undesirable outcome, or expectedutility thereof) may be a continuously managed signal (e.g., aparameter) that can be used to decide, configure products, recommend,trigger activities from the supplier to its customers and prospectivecustomers. Some embodiments improve upon the techniques in this earlierpatent filing to address technical challenges that arise when applyingrelated techniques to risk management, e.g., characterizing risk as acontinuous stochastic process.

For example, many conventional approaches used by suppliers tounderstand customers lack a way to quantify how a customer's riskybehavior impacts a supplier and the supplier's willingness to sellcertain types of products involving risk management on a continuing andconsistent basis (e.g., by the microsecond, second, minute, hourly,daily, weekly, monthly, per interaction, per location, per trajectory,depending on the context). Risk management concerns are often materialin sales of products such as loans, insurance policies, offeringdiscounted or free phones or other equipment for which cost is recoupedover the life of a follow-on service contract (and for which the selleroften bears the risk of the subscriber canceling the contract before thecost is recouped), wallet services offering credit, credit cards, andother products having an implicit or explicit credit risk or moralhazard component. Risk management also impacts the management ofoverbooking and rerouting of passengers for airlines.

In addition, many conventional approaches fail to measure potentialimpact from customers on a customer-by-customer basis. For example,suppliers may use a “one size fits all” approach to credit rather thantargeting customers (whether a person or a business) using anindividualized approach. By considering available transactions,purchases, expenses, payment information and non-monetary information, asupplier, by operation of some embodiments, can quantify how eachcustomer experience is a better reflection of their behavior. Forexample, the supplier, by operation of some embodiments, can measurepotential revenue from each individual customer, the risk of customerdefaulting on payments, pre-paying payments, and determine a value foreach event (e.g., interaction) in an event timeline. Having such aninsight can help the supplier, by operation of some embodiments, createcredit decision, marketing and sales decisions that are tailored to eachcustomer, e.g., tailored to the customer's preferences andcircumstances, tailored to the customer's preferred communication styleand communication channels, and the like.

The described approaches may be applied to systems, whether single ormulti-component, for which risk-related incidents represent an undesiredoutcome. The information processed, in some embodiments, includesrisk-related behavior of system components, its environment, and thepeople and systems it relates to, for the system under examination aswell as similar systems.

The goal of a supplier (e.g., a business vendor or a service provider),is often to efficiently and cost-effectively maintain a closerelationship with each customer while protecting the risk they takewhile extending de-facto credit or carrying a negative balance for awhile. In some cases, the number of customers may be large, e.g., morethan 10,000, more than a million, or more than ten million. This isoften the case with loans, subsidized purchases, leases, and the like.In the case on insurance (which as used herein includes warranties), thepremium charged is dependent on the risk a consumer takes. For a lifeinsurance, rather than imposing that he does not start parachute jumpingas a condition of the insurance, the insurer can adjust the rate once itdiscovers the consumer is parachute jumping—using pictures from Facebookposting, for instance. A supplier typically desires to understand whatmotivates a customer's actions to enable the supplier to (i) optimizethe economic value that the supplier derives from the customer, (ii)provide offerings tailored to the customer's needs, (iii) provideofferings with terms that cause the customer to finalize a transaction,and (iv) insure that the customer risk of defaulting on financialobligations or health does not bring the value of said transaction to benegative (v) there is even the opportunity to help the customersunderstand how their individual behaviors can impact their personalcredit. For example, prior to applying for a loan, a customer may haveseveral interactions with banks, but visiting countries with noextradition treaty with the home country, the risk is much differentthan just looking at FICO score, if such information is available toeither party the bank or the individual can change their behavioraccording.

Some embodiments create a customer risk journey (e.g., a temporally (orat least sequence) indexed record of events that may affect risk-relatedmetrics and indicators) in the form of an event timeline integrating thedifferent events that impact or otherwise reflect the risk behavior of acustomer. Machine learning may be used to extract the appropriatepatterns. The models built and trained with the risk journey time seriesmay be used to score a step's (in the journey) risk posture in the formof a risk index. Journeys may be encoded in memory as a set oftime-stamped or sequenced entries in an interaction-event record, eachentry, in some cases, including an event and information about thatevent. The ability to assess the risk index is not limited to past andpresent events, in some embodiments, but it may also be used to predictthe risk index for future events. As a result, the models may be used topredict the likelihood a risk incident may happen, as well as planactions (future steps) to decrease the risk index and thus improvecontinuous risk posture. In particular, the best (estimated) possiblenext step (or set of steps) may be identified to meet a specific riskmanagement objective in some embodiments.

For continuous risk modeling, in some cases, it is beneficial forembodiments to address both traditional and non-traditional risks. Suchembodiments may rely on both traditional and non-traditional riskfactors, e.g., taken as input. Known (e.g., in an ontology in memory, orclassifiable to such an ontology) risks are easier to model than unknownrisks, but even for the former, it is difficult to account for all theactions and circumstances possibly contributing to them. Figuring whatcontributes to a risk event is expected to be beneficial to protectagainst its occurrence, and if it does happen, to avoid its recurrence.

Some embodiments manage (e.g., infer and effectuate decisions based on)continuous risk as a time series of events and actions taken (or not)within a system's context (this may include human, computing and othertypes of components) and implement a methodology to continuously assessa continuous risk posture, or “continuous risk index” (“risk index” forshort). The higher the continuous risk index, the more vulnerable thesystem is to disruption.

Some embodiments dynamically change the risk management models to adaptnew economic conditions, in some cases with active learning, and in somecases, by batch re-training of models. This is expected to result inmore accurate risk management compared to statistical deficiencies anddegradation of stationary credit scoring models. Some embodiment furtherdynamically change the risk management models based on internationalincidents that might later on effect the economy. The risk managementmodels may be updated continuously (e.g., within less than 10, 50, or500 milliseconds, 1 second, 10 seconds, an hour, or a day, of an eventthat causes a risk score to change) by incoming data and re-trainedthrough an adaptive modeling framework by incorporating new informationas soon as it becomes available. By integrating new information, riskmanagement models may detect changes, and the occurrence of a change maypoint to eventual corrective actions applicable to the models.

In some embodiments, risk management is assessed using a batch dataprocessing model which classifies data in a supervised trainingenvironment. The model may use a full-memory time window incorporatingall previous data and new data, and the model may use a temporary-memorytime window in which only the new data is appended to the training set.Prediction of the trained models using full-memory along with thetemporary-memory may provide a dynamic risk assessment. In some cases,e.g., where full-memory time windows are preclude by computing resourceconstraints, multiheaded attention mechanisms may be applied, e.g., formore detailed, longer time-series data to capture longer range effectsof more significant events and interactions, e.g., with a transformerarchitecture that maps events and relationships therebetween to acontinuous space vector representation of lower dimensionality than theevents, where location in the vector space, in some embodiments, isindicative of risk.

In some embodiments, machine learning models may be trained usingadaptive network-based fuzzy inference systems to convert the currentstatic risk management models into a nonlinear mapping system. The modelmay be configured to adapt itself to a new input data and graduallyminimizes error based on gradient descent training. Trained models mayclassify customers into different clusters (e.g., with unsupervisedlearning approaches or supervised learning approaches), using variousclustering techniques such as k-means, fuzzy c-means (FCM), andsubtractive approaches, based on a risk analysis. The assessment may beused to identify risk factors of the system that are used to determinethe risk level.

The prevalence of transactions made by customer in different segmentsmay generate substantial amounts of multivariate time series data forthese systems. As a result, real-time anomaly detection for riskmanagement system is expected to have significant and practicalapplications, which use the information coming in real-time fromdifferent sources and tries to detect possible anomalies in the normalcondition that may be caused by human error or any form of illegalactivities such as fraud. Anomalies can be spatial, and may be referredto as spatial anomalies, which means the values of transactions areoutside the typical range. Some embodiments mitigate a risk managementsystem using an unsupervised multivariate anomaly detection method basedon Generative Adversarial Networks (GANs) that considers the entirevariable set concurrently to capture the latent interactions amongst thevariables. Some embodiments mitigate a risk management system using areal-time anomaly detection algorithm based on Hierarchical TemporalMemory (HTM) and Bayesian Network (BN).

The availability of actions and events on many time series, some ofwhich lead to risk-related incidents, in some embodiments, are used totrain machine learning models to estimate a risk index at every step inan actual time series of actions and events. These models, in someembodiments, can then be used to predict (e.g., may execute the act ofpredicting) the likelihood of future incidents, thus providing acontinuous assessment of continuous risk.

Training these models with diverse risk data, possibly from a variety ofsources, is expected to enrich their ability to address as manydifferent types of risk, system components, and workflows or sections asare contained in the training data. The models may also be able toassess risk for unseen events, as long as they have some degree ofsimilarity to known events in terms of their makeup.

In some embodiments, a machine learning system (such as a systemdescribed herein referred to as the Cerebri value system, a recurrentneural network (like a LSTM network), or a Hidden Markov model (like amulti-stage model or a continuous-time model, or other dynamic Bayesiannetworks) works on (e.g., ingests and responds to) time series of events(steps) leading to reference events by assigning relative weights toeach event on the series to reflect their relative contributions to theoccurrence and magnitude of reference events. The assignment, in someembodiments, is based on information contained in a large number of timeseries similar to the one under examination. The system, in someembodiments, thus provides information for events positioned in a timeseries prior to, or between reference events.

In the context of risk assessment, reference events are “risk events”(e.g., data breaches, denial of service attacks, regulatory, orcompliance violations), and their impact may be measured by (anddocumented in memory with associated values of) remediation costs, brandvalue, write-down, recovery of finders' fee, revenue loss etc. Events orsteps are then actions and events taking place over time, both internalto an entity or part of the environment in which it operates, havingsome (positive or negative) impact on continuous risk. Costs may becharacterized as a score, which may be denominated in currency or otherunits.

The risk index calculated as per the above, in some embodiments, reflectthe continuous risk at every step of a time series. Responsive to thesevalues, some embodiments output a continuous readout on current riskposture and tracking of trends over time. Some embodiments also give(e.g., output) insights into what sub-systems, adjudication function, orworkflows may be contributing to the current state of affairs, guidingproactive and corrective actions when needed. Regulatory and compliancerisks may include lack of proper procedures and workflows, failure tofollow them, or failing regulatory tests (e.g., information assurance,reserve levels).

In some embodiments, an event timeline or other interaction-event recordthat includes one or more interactions between a customer and a suppliermay be determined or otherwise obtained (e.g., from historical logs of aCRM system, complain logs, invoicing systems, and the like). A startingrisk value may be assigned to individual events in the event timeline. Asub-sequence comprising a portion of the event timeline that includes atleast one reference event may be selected. A classifier may be used todetermine a previous relative risk value for a previous event thatoccurred before the reference event and to determine a next relativerisk value for a next event that occurred after the reference eventuntil all events in the event timeline have been processed. The eventsin the event timeline may be traversed and a risk value assigned toindividual events in the event timeline in some embodiments.

In some embodiments, the system facilitates compliance with Know YourClient/Customer (KYC) rules and regulations, for example, implementingan anti-money-laundering system that detect suspiciousinteraction-events, especially recognizing bots and groups ofindividuals or companies. Key rules vary from country to country. InAustralia, the Anti-Money Laundering and Counter-Terrorism Financing Act2006 (AML/CTF Act) gives effect to KYC laws. The Anti-Money Launderingand Counter-Terrorism Financing Rules Instrument 2007 provides guidancefor applying the powers and requirements of the Act. Compliance isgoverned by the Australian Government agency, Australian TransactionReports and Analysis Centre, established in 1989, known as AUSTRAC. InCanada, the Financial Transactions Reports Analysis Centre of Canada,also known as FINTRAC, was created in 2000 as Canada's financialintelligence unit. FINTRAC updated its regulations in June 2016regarding acceptable methods to determine the identity of individualclients to ensure compliance with AML and KYC regulations. In the UnitedKingdom, the Money Laundering Regulations 2017 are the underlying rulesthat govern KYC in the UK. Many UK businesses use the guidance providedby the European Joint Money Laundering Steering Group along with theFinancial Conduct Authority's ‘Financial Crime: A guide for firms’ as anaid to compliance. In the United States, pursuant to the USA Patriot Actof 2001, the Secretary of the Treasury was required to finalizeregulations before Oct. 26, 2002 making KYC mandatory for all US banks.The related processes are required to conform to a customeridentification program (CIP).

In some embodiments, risk is a trigger for marketing activities, e.g., auser may be added to an audience, selected to receive content via anemail or mail, or a bid price for an online ad auction to presentcontent to the user may be calculated based on a risk score.

In some embodiments, risk information is passed to customer. This isexpected to allow individuals to understand their own credit profile orhow their behavior impacts credit: informing customers of their score,what they can do to improve their score, and what should their stopdoing. Some embodiments may compute a measure of contribution of inputfeatures (like events or types thereof), indicating a relativecontribution of the feature compared to other features, e.g., byweighting deviation of an input feature from a mean or reference valueby a measure of feature importance of that input feature of the model.

Models may be trained with various, model-appropriate, trainingalgorithms, including Baum-Welch, gradient descent, and the like.

In some embodiments, some or all of the weights or biases of a recurrentneural network described herein may be calculated by executing a machinelearning algorithm on a training set of historical customer journeys.Some embodiments may execute a gradient descent optimization to reducethe error rate and select appropriate weighting and the bias values. Insome cases, a predictive model (e.g., a vector of weights) may becalculated as a batch process run periodically. Some embodiments mayconstruct the model by, for example, assigning randomly selected weightsor biases; calculating an error amount with which the model describesthe historical data and a rates of change in that error as a function ofthe weights in the model in the vicinity of the current weight (e.g., aderivative, or local slope); and incrementing the weights in a downward(or error reducing) direction. In some cases, these steps may beiteratively repeated until a change in error between iterations is lessthan a threshold amount, indicating at least a local minimum, if not aglobal minimum. To mitigate the risk of local minima, some embodimentsmay repeat the gradient descent optimization with multiple initialrandom values to confirm that iterations converge on a likely globalminimum error. Other embodiments may iteratively adjust other machinelearning models to reduce the error function, e.g., with a greedyalgorithm that optimizes for the current iteration. The resulting,trained model, e.g., a vector of weights or biases, may be stored inmemory and later retrieved for application to new calculations on newlycalculated risk scores. In some cases, cyclic loops in the network maybe unrolled during training.

Some embodiments may execute a Hidden Markov Model. In some cases, eachhidden state may be mapped to a corresponding risk. In some embodiments,the model may be trained with the Baum-Welch algorithm, and the risk maybe inferred with the Viterbi algorithm. In some cases, a subset of thetraining set may be withheld in each of several iterations of trainingthe model to cross validate the model. The model may be trainedperiodically, e.g., monthly, in advance of use of the model.

In some embodiments, the above techniques may be implemented in acomputing environment 10 shown in FIG. 1, for example, with theillustrated continuous stochastic process controller 12, in some casesexecuting a process described below with reference to FIG. 2, operatingfor example on data models like those described below with reference toFIG. 3 on computers like those described with reference to FIG. 4.

A variety of different computing architectures are contemplated. In someembodiments, some or all of the components of the computing environment10 may be hosted by different entities, for instance in remotedatacenters that communicate via the Internet or other networks, or insome embodiments, some or all of the components of the computingenvironment 10 may be co-located within a network of a single entity,for instance co-located in a single datacenter. In some embodiments, thecomputing environment 10 and the components thereof may be implementedas a monolithic application, for instance, with different illustratedcomponents implemented as different software modules or processes thatcommunicate with one another, for instance via function calls, or insome cases, some or all of the components may be implemented asdifferent processes executing concurrently on a single computing device.In some embodiments, some or all of the illustrated components may beimplemented as distinct services executing on different network hoststhat communicate with one another via messages exchanged via networkstacks of the respective hosts, for instance, according to applicationprogram interfaces of each of the distinct services. In someembodiments, some or all of these services may be replicated, forinstance, behind load balancers, to afford a relatively scalablearchitecture, in some cases, with elastic scaling that automaticallyspins up or down new instances based on load. Some embodiments implementa service-oriented architecture, such as a micro services architecture,with different services hosted on virtual machines or containersexecuting images corresponding to different services, in some cases,with some services implemented in a serverless architecture, forinstance, as lambda functions.

In some embodiments, the controller 12 is configured to train a riskscoring machine learning model based upon historical interaction-eventrecords 14 and then use the trained model to characterize risk as acontinuous stochastic variable that is updated as current events arereceived via the event streams 17. Some embodiments, the computingenvironment 10 include various interaction-event record data sets 14, anexogenous event repository 16, various event streams 17, and variousaction-channel servers 18. In some embodiments, the controller 12 maytrain and apply various machine learning models to inputs from thecomponents 14, 16, and 17 to effectuate various actions implemented viathe action-channel servers 18.

In some embodiments, interaction-event records reflecting previouscustomer risk journeys may be obtained from the interaction-event recordrepositories 14. Three repositories are shown, but some embodiments mayinclude substantially more. Examples of such repositories includehistorical process logs, customer relationship management databases,credit reports, insurance claims, records with fraudulent transactions,and the like.

In some embodiments, each record may be time-series of events for one ofa relatively large number of independent entities for which actions areselected to influence behavior or responsive to predicted behavior, suchas of different people in a population, or in some embodiments, theentity may be non-human, for instance, a state of a robot, amanufacturing process, a market, or a datacenter's HVAC systems. In someembodiments, the number of entities for which interaction-event recordsare obtained may be more than 1000, more than 10,000, more than 100,000,and in many commercially-relevant use cases, more than a million.

In some cases, each of the interaction-event records may include atimeseries of events experienced by the corresponding subject entity,such as person, robot, industrial process, or datacenter. In some cases,the events may include actions taken by a system controlled by thecontroller 12 at the direction of the controller 12 based upon a trainedmodel thereof. Examples include the examples described below withreference to action-channel servers 18. Some examples further includedirecting a thruster in a particular direction and applying a particularamount of thrust for a duration of time in the example of a subsearobot. Other examples include extending credit, offering subsidizedhardware to support a subscription, offering insurance, sending anemail, causing an advertisement exposure, offering a voucher, offering aseat on an airplane for a specific leg of travel, the assignment offinite resources, sending a coupon or discount offer, calling a person,sending a text message, adjusting a price for a particular person,adding a task to a customer-relationship management (CRM) system, or thelike in the example of members of a population to be influenced. In theexample of a control system for a datacenter HVAC system, examplesinclude applying a particular set point for temperature or humidity forsome duration of time, setting a fan speed for some duration of time,adjusting a balance between external and internal air recirculation, andthe like.

In some cases, the events may include actions taken by nonhumansubjects, for instance, changing a process setpoint, actuating athruster in a particular direction for a particular duration, orundertaking a computing load in a datacenter for some duration. In somecases, the events may include actions taken by different subjects, forinstance, people navigating to a website of a merchant, calling a helpcenter of a merchants, contacting a salesperson of a merchant, clickingon an advertisement of a merchant, engaging with a native application ofa merchant, physically visiting a storefront of a merchant, beingexposed to an advertisement, submitting a review classified as having aparticular sentiment among a plurality of different types of sentiments,or the like.

In some embodiments, the events may further include exogenous events,which are events that are not caused by the controller 12 or the subjectentity to which a record pertains, but to which the subject entity isexposed or potentially exposed. Examples include phenomena like theweather, ocean currents, and contact by sea creatures in the example ofa subsea robot. Other examples include phenomena like recessions,changes in interest rates, and other macro-economic phenomena, alongwith cultural phenomena, like sporting events, holidays, the Olympics,elections, and the like in the example of members of a human populationto be influenced. In some embodiments, the exogenous events arestochastic, and some embodiments may associate with exogenous events anestimated or known probability distribution, like likelihoods ofoccurring within threshold durations of time. Records of such events maybe obtained from repository 16 in some embodiments.

In some cases, records describing histories of events experienced orpotentially experienced by subjects are stored in the interaction-eventrecord repository 14 in interaction-event record. In some embodiments,each interaction-event record may correspond to a different subjectentity, such as a different robot, person, or datacenter. In someembodiments, each interaction-event record may have associated therewitha unique identifier of the subject, in some cases a pseudonymousidentifier.

In some embodiments, each interaction-event record may further includeattributes of the subject, like a maximum amount of thrust available ina subsea robot, a range of thruster angles available in such a robot,drag of the robot, and inertial properties of a tether. In anotherexample, the attributes may include attributes of people, likepsychometric or demographic attributes, like age, gender, geolocation ofresidence, geolocation of a workplace, income, number and age ofchildren, whether they are married, and the like. In some embodiments,the attributes may include attributes of a datacenter, for instance, acooling capacity, an inventory of HVAC equipment therein, a volumetricflow rate maximum for fans, and the like. In some cases, such attributesmay include values indicating transient responses to stimulus as well.

In some embodiments, each interaction-event record or records in therepository 16 may further include a timeseries of events experienced bythe subject-entity or potentially experienced by the subject entity,such as exogenous events that may or may not have impinged upon thesubject entity. In some cases, the time series of events are stored in aformat that indicates a sequence of the events, for instance withtimestamps of each event, or some embodiments may indicate sequence butnot time, which is not to suggest that any other described feature islimiting. In some embodiments, the number of events may be relativelylarge, such as more than 10, more than 100, or more than 1000 on averagefor the collection of subject entities for which interaction-eventrecord are stored in the repository 14. In some embodiments, events maybe associated with a confidence score indicative of a confidence thatthe event occurred or was experienced by the respective subject entity.In some embodiments, events may have other attributes, like an intensityof the events, a monetary value of the events, a dwell time on awebsite, a value indicating whether a person clicks through to anadvertisement, and the like for use cases in which humans are thesubject. Similarly, events for robots or datacenters may include, forexample, a thermal load applied in a datacenter, an amount of currentexperience and by a subsea robot, and the like. In some embodiments, theevents may be arranged in an ontology or a hierarchical taxonomy.

In some embodiments, a value mapping the event to an entry in a taxonomymay indicate whether the event is an action taken by the subject-entitybeing controlled, an exogenous event, an event to be avoided and forwhich risk is to be calculated, or an act upon the subject-entity at thedirection of the controller or other system to be controlled by thecontroller. In some embodiments, events corresponding to actions by thesubject-entity may have attributes indicating whether the respectiveevent is advancing a goal, such as a goal reflected in an objectivefunction composed by a developer to effectuate the goal, like reducingor minimizing risk of bad outcomes, maximizing likelihood of goodoutcomes, or a net result based on a combination of both. Examplesinclude an attribute of a robot movement event indicating whether therobot movement event resulted in the robot moving closer to a barrier tobe avoided, an attribute of a consumer event indicating whether theconsumer purchased a product, an attribute of a user event indicatingwith the user engaged in some other desired or undesired behavior, likerecycling or getting a health checkup, or an attribute of a datacenterevent indicating whether a datacenter remains within a targeted band oftemperature for a targeted duration of time. In some embodiments, theevent attributes may not express whether such attributes are good orbad, merely provide a metric that may be interpreted with, for example,a reward function of the controller 12. In some embodiments, the rewardfunction may be a part of an objective function, or some embodiments mayapply other types of objective functions that do not include a rewardfunction, which is not to suggest that any other description islimiting.

In some embodiments, the interaction-event record records are or includethe event timelines described in U.S. patent application Ser. No.15/456,059, titled BUSINESS ARTIFICIAL INTELLIGENCE MANAGEMENT ENGINE,the contents of which are hereby incorporated by reference.

In some cases, interaction-event records may be syntheticinteraction-event records. For example, some embodiments may include agenerative adversarial network having a generator model anddiscriminator model trained to, respectively, generate synthetic (e.g.,partially or entirely fake) interaction-event records and detect whichrecords are synthetic. The two models may be trained concurrently toattempt to defeat the other, and the end result generator model aftertraining may be configured to output synthetic interaction event recordsthat exhibit properties like real records.

In some embodiments, state to which controller 12 is responsive (e.g.,in online use cases after training) may be ingested from various eventstreams 17 (some may be continuously feeds, and some may be batchfeeds), which may take the form of a series of events like thosedescribed above. In some embodiments, after the models are trained,subsequent interaction-event records, events thereof, or attributesthereof may be ingested via the event streams 17. In some embodiments,an event stream may be a stream of readings from sensors of a robot,such as inertial measurement unit sensors or range finding sensors. Insome cases, an event stream may be attributes of additional members of apopulation to be evaluated for risk or a new population to be evaluatedfor risk, or in some cases attributes of events in an event historythereof. In some embodiments, the event stream may be temperature orload assignment signals from a datacenter. In some cases, the ingestedstream of data may have associated therewith identifiers like thosedescribed above distinguishing different subjects controlled andassociated with the inbound events or attributes. In some embodiments,the stream may be a batch process, such as a set of records of subjectentities that are members of a population for which a new campaign isbeing designed to influence the members of the population to engage insome targeted behavior. In some embodiments, the stream may be a realtime stream, for instance, with data being supplied as it is obtainedby, or in relation to, subject entities, for instance, in queries sentas the data is obtained to request a recommended responsive action inview of the new information.

In some cases, the controller 12 may exercise control (which may beoutcome determinative control or merely control over downstream inputsthat merely influence a downstream process), via one or more of theaction-channel servers 18. In the non-human context, examples of actionsinclude setting a process parameter setpoint (like temperature, rate ofacceleration, robot route, workload allocation among data center, andthe like). Examples of resulting actions may also include outputting ascore indicative of whether a consumer should be sold or marketed aparticular product like those described above. Examples of resultingactions may also include configuring a parameter of a product, like aninterest rate, amount of collateral, deposit, requirements for aguarantor, amount loaned, amount insured, etc. Examples of resultingactions also include selecting or composing a message to be sent to aconsumer based on the risk score of that consumer. Other examplesinclude various dashboards and reports indicative of risk scores fordifferent types of consumers or different types of products, likepopulation statistics, such as measures of central tendency orvariation. In some cases, different servers 18 may communicate withvarious downstream systems, like loan or insurance underwriting computersystems, ERP systems, or CRM systems, to update those systems onpredicted current state of risk, e.g., responsive to queries or bypushing updates.

In some embodiments, the continuous stochastic process controller 12includes a data classifier 20, a model trainer 22, a risk-scoring model24, a risk-score repository 26, a control module 28, and anexplainability module 30.

Classifying performed by the data classifier 20 may take a variety ofdifferent forms. Some embodiments may classify interaction-event recordsaccording to whether an undesirable outcome occurred as one of theevents. In some cases, the undesirability of the outcome may bequantified as well, e.g., with a score. The results may be applied bythe classifier 20 to the interaction-event records as, e.g., labels of alabeled training set used for training the model 24. In someembodiments, the classifier 20 may further compress the data that isingested by removing duplicate records, such as records that areidentical but for a subject identifier, and some embodiments provide theresulting filtered de-duplicated records to subsequent processing in adata pipeline like that shown.

In some embodiments, the model trainer 22 may be configured to train therisk-scoring model 24, for example, as a batch process or with activelearning. The model and corresponding form of training may take any ofthe forms described herein, for instance.

In some embodiments, after training, the risk scoring model 24 mayupdate risk-scores in the risk-score repository 26 responsive to newevents in event streams 17 as classified by classifier 20. In someembodiments, the risk scores may account for both a likelihood of anevent and an expected cost or other measure of undesirability (e.g.,downtime, amount a product is out of tolerance, loss of yield, etc.) ofthat event, e.g., with the product of the two values.

In some embodiments, the resulting risk scores may be accessed bycontrol module 28 to effectuate various actions via the action-channelservers 18, like those actions described above.

In some embodiments, the explainability module 30 may access the riskscores and trained model parameters from the model 24 to advise users,like consumers, those offering products, regulators or auditors, on thecauses of the risk scores that are calculated. Examples includeoutputting one or more metrics associated with one or more events ortypes of events indicating a measure of a contribution of those eventsto a given risk score.

In in some cases, a user's computer may query the controller 12 with arequest to explain a score, and in response, the controller 12 maydetermine contributions of various features in that user's history thatcontribute to the score and magnitudes of those contributions. Suchresults may be presented to the user to inform the user on how to adjusttheir behavior to reduce risk in the future.

As noted, some embodiments of the controller 12 may execute a process 50shown in FIG. 2. In some embodiments, different subsets of this process50 may be executed by the illustrated components of the controller 12.It should be emphasized, though, that embodiments of the process 50 arenot limited to implementations with the architecture of FIG. 1, and thatthe architecture of FIG. 1 may execute processes different from thatdescribed with reference to FIG. 2, none of which is to suggest that anyother description herein is limiting.

In some embodiments, the process 50 and the other functionalitydescribed herein may be implemented with program code or otherinstructions stored on a tangible, non-transitory, machine-readablemedium, such that when the instructions are executed by one or moreprocessors (a term which as used herein refers to physical processors,e.g., implemented on a semiconductor device), the describedfunctionality is effectuated. In some embodiments, notwithstanding useof the singular term “medium,” the medium may be distributed, withdifferent subsets of the instructions stored on different computingdevices that effectuate those different subsets, an arrangementconsistent with use of the singular term “medium” along with monolithicapplications on a single device. In some embodiments, the describedoperations may be executed in a different order, some or all of theoperations may be executed multiple times, operations may be executedconcurrently with one another or multiple instances of the describedprocess, additional operations may be inserted, operations may beomitted, operations may be executed serially, recursively, or theprocesses described may otherwise be varied, again none of which is tosuggest that any other description herein is limiting.

In some embodiments, the process 50 includes obtaining historicalinteraction-event records, as indicated by block 52, for example, withthe above-described classifier 20 from the interaction-event recordrepositories 14. In some embodiments, this may further include obtainingexogenous event records from the repository 16 described above.

Next, some embodiments may train a machine learning model on thehistorical interaction-event records, as indicated by block 54. In someembodiments, this may be performed by the above-described model trainer22. Some embodiments may then obtain current interaction-event records,as indicated by block 56, again for example, with the classifier 20 fromthe repositories 14 or streams 17 described above.

Some embodiments may determine, based on at least some of theinteraction-event records a set of event risk scores, as indicated byblock 58. In some embodiments, this may be performed by theabove-described risk-scoring model 24. Some embodiments may then storethe sets of event-risk scores in memory, as indicated by block 60, forexample, in the above-described risk-score repository 26.

Some embodiments may then determine various actions, for example,selecting among candidates, like launching or applying various campaignsor other programs to consumers, based on the sets of event-risk scores,as indicated by block 62. In some embodiments, this may be performed bythe of above-described control module 28.

Some embodiments may further determine a measure of contribution ofevents or types of events to the sets of event-risk scores, as indicatedby block 64, for example with the above-described explainability module30. In some embodiments may cause the measure of contribution to bepresented to a user to the instruct the user on how to modulate risk, asindicated by block 60.

FIG. 3 depicts an example data model 400 used to analyzeinteraction-event records according to some embodiments. In the datamodel 400, one or more interaction-event records 402 may be analyzed bythe model 24 to produce one or more results 406, which in some cases maybe a risk score stored in repository 26 (which may be persistent ornon-persistent memory).

For example, the interaction-event records 402 may include previouspurchase data, finance data (e.g., associated with consumer financing),demographic data (e.g., customer's age, income, zip code, and the like),CSR contact data (e.g., why, when, and how the customer has contacted aCSR), website access data (e.g., what type of information the customerobtains from the website), warranty data (e.g., warranty claim isindicative of certain customer activities), parts and service data, andmarketing data (e.g., how the customer has been provided marketing), forexample. Of course, the data sets 402 may include other types ofcustomer-related data.

For example, the interaction-event records 402 may include previouspurchase data 404(1), finance data (e.g., associated with consumerfinancing) 404(2), demographic data (e.g., customer's age, income, zipcode, and the like) 404(3), CSR contact data (e.g., why, when, and howthe customer has contacted a CSR) 404(4), website access data (e.g.,what type of information the customer obtains from the website) 404(5),warranty data 404(6) (e.g., warranty claim is indicative of certaincustomer activities), and marketing data 404(M) (e.g., how the customerhas been provided marketing), where M>0. Of course, the data sets in therecord 402 may include other types of customer-related data. Thesedifferent types of data may be determined to make various contributions408(1), 408(2), and 408(3) to an integrated value 406, like a riskscore, by the presently described machine learning techniques.

Some embodiments of the controller 12 may perform an analysis of thedata sets 402 and to determine value indexes 404 based on the analysisand various contributions to an integrated value, like a risk score 406.As illustrated, events may occur in a sequence, with events occurring ina forward direction 412 and backward direction 410 relative to a givenevent.

FIG. 4 is a diagram that illustrates an exemplary computing system 1000in accordance with embodiments of the present technique. Variousportions of systems and methods described herein, may include or beexecuted on one or more computer systems similar to computing system1000. Further, processes and modules described herein may be executed byone or more processing systems similar to that of computing system 1000.

Computing system 1000 may include one or more processors (e.g.,processors 1010 a-1010 n) coupled to system memory 1020, an input/outputI/O device interface 1030, and a network interface 1040 via aninput/output (I/O) interface 1050. A processor may include a singleprocessor or a plurality of processors (e.g., distributed processors). Aprocessor may be any suitable processor capable of executing orotherwise performing instructions. A processor may include a centralprocessing unit (CPU) that carries out program instructions to performthe arithmetical, logical, and input/output operations of computingsystem 1000. A processor may execute code (e.g., processor firmware, aprotocol stack, a database management system, an operating system, or acombination thereof) that creates an execution environment for programinstructions. A processor may include a programmable processor. Aprocessor may include general or special purpose microprocessors. Aprocessor may receive instructions and data from a memory (e.g., systemmemory 1020). Computing system 1000 may be a uni-processor systemincluding one processor (e.g., processor 1010 a), or a multi-processorsystem including any number of suitable processors (e.g., 1010 a-1010n). Multiple processors may be employed to provide for parallel orsequential execution of one or more portions of the techniques describedherein. Processes, such as logic flows, described herein may beperformed by one or more programmable processors executing one or morecomputer programs to perform functions by operating on input data andgenerating corresponding output. Processes described herein may beperformed by, and apparatus can also be implemented as, special purposelogic circuitry, e.g., an FPGA (field programmable gate array) or anASIC (application specific integrated circuit). Computing system 1000may include a plurality of computing devices (e.g., distributed computersystems) to implement various processing functions.

I/O device interface 1030 may provide an interface for connection of oneor more I/O devices 1060 to computer system 1000. I/O devices mayinclude devices that receive input (e.g., from a user) or outputinformation (e.g., to a user). I/O devices 1060 may include, forexample, graphical user interface presented on displays (e.g., a cathoderay tube (CRT) or liquid crystal display (LCD) monitor), pointingdevices (e.g., a computer mouse or trackball), keyboards, keypads,touchpads, scanning devices, voice recognition devices, gesturerecognition devices, printers, audio speakers, microphones, cameras, orthe like. I/O devices 1060 may be connected to computer system 1000through a wired or wireless connection. I/O devices 1060 may beconnected to computer system 1000 from a remote location. I/O devices1060 located on remote computer system, for example, may be connected tocomputer system 1000 via a network and network interface 1040.

Network interface 1040 may include a network adapter that provides forconnection of computer system 1000 to a network. Network interface may1040 may facilitate data exchange between computer system 1000 and otherdevices connected to the network. Network interface 1040 may supportwired or wireless communication. The network may include an electroniccommunication network, such as the Internet, a local area network (LAN),a wide area network (WAN), a cellular communications network, or thelike.

System memory 1020 may be configured to store program instructions 1100or data 1110. Program instructions 1100 may be executable by a processor(e.g., one or more of processors 1010 a-1010 n) to implement one or moreembodiments of the present techniques. Instructions 1100 may includemodules of computer program instructions for implementing one or moretechniques described herein with regard to various processing modules.Program instructions may include a computer program (which in certainforms is known as a program, software, software application, script, orcode). A computer program may be written in a programming language,including compiled or interpreted languages, or declarative orprocedural languages. A computer program may include a unit suitable foruse in a computing environment, including as a stand-alone program, amodule, a component, or a subroutine. A computer program may or may notcorrespond to a file in a file system. A program may be stored in aportion of a file that holds other programs or data (e.g., one or morescripts stored in a markup language document), in a single filededicated to the program in question, or in multiple coordinated files(e.g., files that store one or more modules, sub programs, or portionsof code). A computer program may be deployed to be executed on one ormore computer processors located locally at one site or distributedacross multiple remote sites and interconnected by a communicationnetwork.

System memory 1020 may include a tangible program carrier having programinstructions stored thereon. A tangible program carrier may include anon-transitory computer readable storage medium. A non-transitorycomputer readable storage medium may include a machine-readable storagedevice, a machine-readable storage substrate, a memory device, or anycombination thereof. Non-transitory computer readable storage medium mayinclude non-volatile memory (e.g., flash memory, ROM, PROM, EPROM,EEPROM memory), volatile memory (e.g., random access memory (RAM),static random access memory (SRAM), synchronous dynamic RAM (SDRAM)),bulk storage memory (e.g., CD-ROM and/or DVD-ROM, hard-drives), or thelike. System memory 1020 may include a non-transitory computer readablestorage medium that may have program instructions stored thereon thatare executable by a computer processor (e.g., one or more of processors1010 a-1010 n) to cause the subject matter and the functional operationsdescribed herein. A memory (e.g., system memory 1020) may include asingle memory device and/or a plurality of memory devices (e.g.,distributed memory devices). Instructions or other program code toprovide the functionality described herein may be stored on a tangible,non-transitory computer readable media. In some cases, the entire set ofinstructions may be stored concurrently on the media, or in some cases,different parts of the instructions may be stored on the same media atdifferent times.

I/O interface 1050 may be configured to coordinate I/O traffic betweenprocessors 1010 a-1010 n, system memory 1020, network interface 1040,I/O devices 1060, and/or other peripheral devices. I/O interface 1050may perform protocol, timing, or other data transformations to convertdata signals from one component (e.g., system memory 1020) into a formatsuitable for use by another component (e.g., processors 1010 a-1010 n).I/O interface 1050 may include support for devices attached throughvarious types of peripheral buses, such as a variant of the PeripheralComponent Interconnect (PCI) bus standard or the Universal Serial Bus(USB) standard.

Embodiments of the techniques described herein may be implemented usinga single instance of computer system 1000 or multiple computer systems1000 configured to host different portions or instances of embodiments.Multiple computer systems 1000 may provide for parallel or sequentialprocessing/execution of one or more portions of the techniques describedherein.

Those skilled in the art will appreciate that computer system 1000 ismerely illustrative and is not intended to limit the scope of thetechniques described herein. Computer system 1000 may include anycombination of devices or software that may perform or otherwise providefor the performance of the techniques described herein. For example,computer system 1000 may include or be a combination of acloud-computing system, a data center, a server rack, a server, avirtual server, a desktop computer, a laptop computer, a tabletcomputer, a server device, a client device, a mobile telephone, apersonal digital assistant (PDA), a mobile audio or video player, a gameconsole, a vehicle-mounted computer, or a Global Positioning System(GPS), or the like. Computer system 1000 may also be connected to otherdevices that are not illustrated, or may operate as a stand-alonesystem. In addition, the functionality provided by the illustratedcomponents may in some embodiments be combined in fewer components ordistributed in additional components. Similarly, in some embodiments,the functionality of some of the illustrated components may not beprovided or other additional functionality may be available.

Those skilled in the art will also appreciate that while various itemsare illustrated as being stored in memory or on storage while beingused, these items or portions of them may be transferred between memoryand other storage devices for purposes of memory management and dataintegrity. Alternatively, in other embodiments some or all of thesoftware components may execute in memory on another device andcommunicate with the illustrated computer system via inter-computercommunication. Some or all of the system components or data structuresmay also be stored (e.g., as instructions or structured data) on acomputer-accessible medium or a portable article to be read by anappropriate drive, various examples of which are described above. Insome embodiments, instructions stored on a computer-accessible mediumseparate from computer system 1000 may be transmitted to computer system1000 via transmission media or signals such as electrical,electromagnetic, or digital signals, conveyed via a communication mediumsuch as a network or a wireless link. Various embodiments may furtherinclude receiving, sending, or storing instructions or data implementedin accordance with the foregoing description upon a computer-accessiblemedium. Accordingly, the present techniques may be practiced with othercomputer system configurations.

In block diagrams, illustrated components are depicted as discretefunctional blocks, but embodiments are not limited to systems in whichthe functionality described herein is organized as illustrated. Thefunctionality provided by each of the components may be provided bysoftware or hardware modules that are differently organized than ispresently depicted, for example such software or hardware may beintermingled, conjoined, replicated, broken up, distributed (e.g. withina data center or geographically), or otherwise differently organized.The functionality described herein may be provided by one or moreprocessors of one or more computers executing code stored on a tangible,non-transitory, machine readable medium. In some cases, notwithstandinguse of the singular term “medium,” the instructions may be distributedon different storage devices associated with different computingdevices, for instance, with each computing device having a differentsubset of the instructions, an implementation consistent with usage ofthe singular term “medium” herein. In some cases, third party contentdelivery networks may host some or all of the information conveyed overnetworks, in which case, to the extent information (e.g., content) issaid to be supplied or otherwise provided, the information may providedby sending instructions to retrieve that information from a contentdelivery network.

The reader should appreciate that the present application describesseveral independently useful techniques. Rather than separating thosetechniques into multiple isolated patent applications, applicants havegrouped these techniques into a single document because their relatedsubject matter lends itself to economies in the application process. Butthe distinct advantages and aspects of such techniques should not beconflated. In some cases, embodiments address all of the deficienciesnoted herein, but it should be understood that the techniques areindependently useful, and some embodiments address only a subset of suchproblems or offer other, unmentioned benefits that will be apparent tothose of skill in the art reviewing the present disclosure. Due to costsconstraints, some techniques disclosed herein may not be presentlyclaimed and may be claimed in later filings, such as continuationapplications or by amending the present claims. Similarly, due to spaceconstraints, neither the Abstract nor the Summary of the Inventionsections of the present document should be taken as containing acomprehensive listing of all such techniques or all aspects of suchtechniques.

It should be understood that the description and the drawings are notintended to limit the present techniques to the particular formdisclosed, but to the contrary, the intention is to cover allmodifications, equivalents, and alternatives falling within the spiritand scope of the present techniques as defined by the appended claims.Further modifications and alternative embodiments of various aspects ofthe techniques will be apparent to those skilled in the art in view ofthis description. Accordingly, this description and the drawings are tobe construed as illustrative only and are for the purpose of teachingthose skilled in the art the general manner of carrying out the presenttechniques. It is to be understood that the forms of the presenttechniques shown and described herein are to be taken as examples ofembodiments. Elements and materials may be substituted for thoseillustrated and described herein, parts and processes may be reversed oromitted, and certain features of the present techniques may be utilizedindependently, all as would be apparent to one skilled in the art afterhaving the benefit of this description of the present techniques.Changes may be made in the elements described herein without departingfrom the spirit and scope of the present techniques as described in thefollowing claims. Headings used herein are for organizational purposesonly and are not meant to be used to limit the scope of the description.

As used throughout this application, the word “may” is used in apermissive sense (i.e., meaning having the potential to), rather thanthe mandatory sense (i.e., meaning must). The words “include”,“including”, and “includes” and the like mean including, but not limitedto. As used throughout this application, the singular forms “a,” “an,”and “the” include plural referents unless the content explicitlyindicates otherwise. Thus, for example, reference to “an element” or “aelement” includes a combination of two or more elements, notwithstandinguse of other terms and phrases for one or more elements, such as “one ormore.” The term “or” is, unless indicated otherwise, non-exclusive,i.e., encompassing both “and” and “or.” Terms describing conditionalrelationships, e.g., “in response to X, Y,” “upon X, Y,”, “if X, Y,”“when X, Y,” and the like, encompass causal relationships in which theantecedent is a necessary causal condition, the antecedent is asufficient causal condition, or the antecedent is a contributory causalcondition of the consequent, e.g., “state X occurs upon condition Yobtaining” is generic to “X occurs solely upon Y” and “X occurs upon Yand Z.” Such conditional relationships are not limited to consequencesthat instantly follow the antecedent obtaining, as some consequences maybe delayed, and in conditional statements, antecedents are connected totheir consequents, e.g., the antecedent is relevant to the likelihood ofthe consequent occurring. Statements in which a plurality of attributesor functions are mapped to a plurality of objects (e.g., one or moreprocessors performing steps A, B, C, and D) encompasses both all suchattributes or functions being mapped to all such objects and subsets ofthe attributes or functions being mapped to subsets of the attributes orfunctions (e.g., both all processors each performing steps A-D, and acase in which processor 1 performs step A, processor 2 performs step Band part of step C, and processor 3 performs part of step C and step D),unless otherwise indicated. Similarly, reference to “a computer system”performing step A and “the computer system” performing step B caninclude the same computing device within the computer system performingboth steps or different computing devices within the computer systemperforming steps A and B. Further, unless otherwise indicated,statements that one value or action is “based on” another condition orvalue encompass both instances in which the condition or value is thesole factor and instances in which the condition or value is one factoramong a plurality of factors. Unless otherwise indicated, statementsthat “each” instance of some collection have some property should not beread to exclude cases where some otherwise identical or similar membersof a larger collection do not have the property, i.e., each does notnecessarily mean each and every. Limitations as to sequence of recitedsteps should not be read into the claims unless explicitly specified,e.g., with explicit language like “after performing X, performing Y,” incontrast to statements that might be improperly argued to imply sequencelimitations, like “performing X on items, performing Y on the X'editems,” used for purposes of making claims more readable rather thanspecifying sequence. Statements referring to “at least Z of A, B, andC,” and the like (e.g., “at least Z of A, B, or C”), refer to at least Zof the listed categories (A, B, and C) and do not require at least Zunits in each category. Unless specifically stated otherwise, asapparent from the discussion, it is appreciated that throughout thisspecification discussions utilizing terms such as “processing,”“computing,” “calculating,” “determining” or the like refer to actionsor processes of a specific apparatus, such as a special purpose computeror a similar special purpose electronic processing/computing device.Features described with reference to geometric constructs, like“parallel,” “perpendicular/orthogonal,” “square”, “cylindrical,” and thelike, should be construed as encompassing items that substantiallyembody the properties of the geometric construct, e.g., reference to“parallel” surfaces encompasses substantially parallel surfaces. Thepermitted range of deviation from Platonic ideals of these geometricconstructs is to be determined with reference to ranges in thespecification, and where such ranges are not stated, with reference toindustry norms in the field of use, and where such ranges are notdefined, with reference to industry norms in the field of manufacturingof the designated feature, and where such ranges are not defined,features substantially embodying a geometric construct should beconstrued to include those features within 15% of the definingattributes of that geometric construct. The terms “first”, “second”,“third,” “given” and so on, if used in the claims, are used todistinguish or otherwise identify, and not to show a sequential ornumerical limitation. As is the case in ordinary usage in the field,data structures and formats described with reference to uses salient toa human need not be presented in a human-intelligible format toconstitute the described data structure or format, e.g., text need notbe rendered or even encoded in Unicode or ASCII to constitute text;images, maps, and data-visualizations need not be displayed or decodedto constitute images, maps, and data-visualizations, respectively;speech, music, and other audio need not be emitted through a speaker ordecoded to constitute speech, music, or other audio, respectively.Computer implemented instructions, commands, and the like are notlimited to executable code and can be implemented in the form of datathat causes functionality to be invoked, e.g., in the form of argumentsof a function or API call.

In this patent, to the extent any U.S. patents, U.S. patentapplications, or other materials (e.g., articles) have been incorporatedby reference, the text of such materials is only incorporated byreference to the extent that no conflict exists between such materialand the statements and drawings set forth herein. In the event of suchconflict, the text of the present document governs, and terms in thisdocument should not be given a narrower reading in virtue of the way inwhich those terms are used in other materials incorporated by reference.

The present techniques will be better understood with reference to thefollowing enumerated embodiments:

1. A tangible, non-transitory, machine-readable medium storinginstructions that when executed by one or more processors effectuateoperations comprising: obtaining, with a computer system, one or moreout of plurality of datasets having a plurality of interaction-eventrecords, wherein: the interaction-event records describe respectiveinteraction events, the interaction-events are interactions in which afirst entity has experiences or obtains other information pertaining tosecond entity, and at least some of the interaction-event records areassociated with respective risks by which sequences of at least some ofthe interaction events relative to one another are ascertainable;determining, with the computer system, based on at least some of theinteraction-event records, sets of event-risk scores, the setscorresponding to at least some of the interaction events, wherein: atleast some respective event-risk scores are indicative of an effectiveof a respective risk ascribed by the first entity to a respective aspectof the second entity; and at least some respective event-risk scores arebased on both: respective contributions of respective correspondingevents to a subsequent event in the one or more out of the plurality ofdatasets, and a risk ascribed to a subsequent event in the one or moreout of the plurality of datasets, the subsequent event occurring afterthe respective corresponding events; and storing, with the computersystem, the sets of event-risk scores in memory.2. The medium of embodiment 1, wherein: for at least a plurality of theinteraction events, a set of event-risk scores is determined for therespective interaction-event among the plurality of theinteraction-events.3. The medium of any one of embodiments 1-2, wherein: each of at leastsome of the sets of event-risk scores include a plurality of differentscores corresponding to different requests of the second entity to whichthe first entity ascribes respective risks.4. The medium of embodiment 3, wherein: the request includes request ofa collateralized offering, request of a collateralized offering, arequest of a new offering, a modification of existing offering,obtaining a product at a cost that is subsidized in exchange for apromise of future behavior, or insurance.5. The medium of embodiment 3, wherein: different offerings areassociated with different sets of risk profiles.6. The medium of any one of embodiments 1-5, wherein: where when theevent-risk score of a plurality of interaction events fits within apreset or dynamically determined simplex, in response, a set ofinteraction-events is initiated.7. The medium of any one of embodiments 1-6, wherein, for at least someof the sets of event-risk scores, each respective set includes both: arespective weight corresponding to a contribution of the respectiveinteraction event toward influencing the first entity to cause thesubsequent event, and a respective risk index based on a product ofrespective weight and a risk ascribed to the subsequent event by thesecond entity.8. The medium of any one of embodiments 1-7, wherein: the events includeboth transaction and non-transaction events; the events include bothdirect and indirect interactions; the events include factors,demographic, or macro-economic events; the events include credit score;the event includes social media information; the events include thetiming classification of other events, the interaction-event records areobtained from diverse data sets; or at least some of the event-riskscores are determined at least in part with a machine learningclassifier.9. The medium of any one of embodiments 1-8, wherein: the events includeboth transaction and non-transaction events; the events include bothdirect and indirect interactions; the events include factors,demographic, or macro-economic events; the events include credit score;the event includes social media information; the interaction-eventrecords are obtained from diverse data sets; and at least some of theevent-risk scores are determined at least in part with a machinelearning classifier.10. The medium of any one of embodiments 1-9, wherein: the eventsinclude factors, demographic, or macro-economic events; the eventsinclude credit score; the events include social media information; andthe events include Know Your Client rules; the interaction-event recordsare obtained from diverse data sets; or at least some of the event-riskscores are determined at least in part with a machine learningclassifier.11. The medium of any one of embodiments 1-10, wherein determining setsof event-risk scores comprises: determining initial risks of at leastone type of score in the sets of event-risk scores; and iterativelyadjusting the at least one type of score with machine learning.12. The medium of any one of embodiments 1-11, comprising: obtaining adesignation of one of the events as a reference event; obtaining a riskascribed to the reference event by the first entity; selecting a portionof an event timeline including a subset of the events among which is thereference event; determining, using a classifier, relative risks for atleast some events in the subset; and assigning a risk index toindividual events among the subset.13. The medium of any one of embodiments 1-12, the operationscomprising: selecting a type of interaction for the first entity toexperience in the future based on the sets of event-risk scores storedin memory.14. The medium of any one of embodiments 1-13, wherein: the eventsinclude both real interactions and synthesized interactions.15. The medium of any one of embodiments 1-14, comprising: obtaining adesignation of one of the events as a reference event; obtaining a riskascribed to the reference event by the first entity; selecting a portionof an event timeline including a subset of the events among which is thereference event; determining, using a classifier, relative risks for atleast some events in the subset; assigning a risk index to individualevents among the subset; and setting or resetting parameters of one ormore transactions with second entity.16. The medium of any one of embodiments 1-15, comprising: determining ameasure of a contribution of a given event or type of events to anevent-risk score for an individual among the sets of event-risk scores;and causing a visual indication of measure of a contribution of a givenevent or type of events to be presented to indicate how to modify theevent-risk score for the individual.17. The medium of any one of embodiments 1-16, wherein: determining setsof event-risk scores comprises determining sets of event-risk scoreswith a dynamic Bayesian network.18. The medium of any one of embodiments 1-17, wherein: determining setsof event-risk scores comprises determining sets of event-risk scoreswith a directed cyclic graph of perceptrons.19. A computing system comprising: a logic subsystem including one ormore processors; and a storage subsystem comprising a tangible,non-transitory storage device or devices, the storage subsystemcomprising machine-readable medium storing instructions by the logicsubsystem to implement a fraud detection platform and, for a journey ofinteraction-events available in a fraud detection platform, extract orreceive information from the journey of interaction-events regardingattributes related to an entity's progress in the journey ofinteraction-events, the attributes provided by the journey ofinteraction-events to the fraud detection attributes for each entity ofa plurality of entities; for each entity of the plurality of entities,apply a classifying function to classify the entity progress in thejourney of interaction-events as normal or as outlying based upon theattributes provided by the journey of interaction-events to the frauddetection platform, the classifying function being trained via machinelearning; based at least in part on entity progress in the journey ofinteraction-events being classified as outlying, then take an actionbased upon classification as outlying; and based at least in part on theuser progress in the journey of interaction-events not being classifiedas outlying, then not take the action20. A method, comprising: the operations of any one of embodiments 1-19.21. A system, comprising: one or more processors; and memory storinginstructions that when executed by the processors cause the processorsto effectuate operations comprising: the operations of any one ofembodiments 1-19.

What is claimed is:
 1. A tangible, non-transitory, machine-readablemedium storing instructions that when executed by one or more processorseffectuate operations comprising: obtaining, with one or moreprocessors, for a plurality of entities, datasets, wherein: the datasetscomprise a plurality of entity logs; at least some of the plurality ofentity logs are events involving the entities; at least some of theplurality of entity logs are attributes related to the entities; atleast some of the attributes are governance attributes; and the eventsare distinct from the attributes; forming, with one or more processors,a plurality of journeys for at least some of the plurality of entities,wherein each journey of the plurality of the journeys comprises: a firstsubset of events; and a first set of attributes; assigning, with acontinuous stochastic process controller executed by one or moreprocessors, a plurality of risk indices for at least some of the eventsin the first subset of events based on at least some of the governanceattributes, wherein the assignment of the plurality of risk indicesfurther comprises: forming a first training dataset from the datasets;training, with one or more processors, based on the plurality of entitylogs, a predictive machine learning model to predict whether an entity,from the plurality of entities, characterized by a set of inputs to themodel will engage in an action in the future, wherein the trained modelis configured to make predictions based on the plurality of entity logsrelated to the entity; and storing, with one or more processors, thetrained predictive machine learning model in memory; and storing, withone or more processors, the plurality of risk indices in memory.
 2. Themedium of claim 1, wherein the governance attributes comprises: entityrules for at least some of the plurality of entities; entity regulationsfor at least some of the plurality of entities; entity restrictions forat least some of the plurality of entities; entity business protocolsfor at least some of the plurality of entities; entity policies for atleast some of the plurality of entities; and entity security protocolsfor at least some of the plurality of entities.
 3. The medium of claim1, wherein the assignment of the plurality of risk indices furthercomprises: forming a first training dataset from the datasets; traininga first machine-learning model on the first training dataset byadjusting parameters of the first machine-learning model to optimize afirst objective function that indicates an accuracy of the plurality ofrisk indices in complying with the governance attributes; and storingthe adjusted parameters of the trained first machine-learning model inmemory.
 4. The medium of claim 3, wherein the first machine-learningmodel is trained using adaptive network based fuzzy inference.
 5. Themedium of claim 1, wherein the plurality of risk indices are updated inreal-time as events are received via a plurality of event streams. 6.The medium of claim 1, wherein the assignment of the plurality of riskindices further comprises: forming a first training dataset from thedatasets; training, with one or more processors, based on the pluralityof entity logs, a predictive machine learning model to predict whetheran entity, from the plurality of entities, characterized by a set ofinputs to the model will engage in an action in the future, wherein thetrained model is configured to make predictions based on the pluralityof entity logs related to the entity; and storing, with one or moreprocessors, the trained predictive machine learning model in memory. 7.The medium of claim 6, comprising, before training, transforming eachentity log into a collection of features to which the predictive machinelearning model is capable of responding and training the model on thecollection of features.
 8. The medium of claim 7, wherein at least someof the features are determined by classifying whether a given type ofevent occurred during a specific period.
 9. The medium of claim 6,wherein: the trained predictive machine learning model is configured tooutput a plurality of risk indices each indicative of likelihood of anentity engaging in a specific action in a different respective durationof time in the future.
 10. The medium of claim 6, wherein: the trainedpredictive machine learning model is configured to output a plurality ofrisk indices each indicative of likelihood of an entity engaging in adifferent respective specific action in the given duration of time inthe future.
 11. The medium of claim 1, wherein training comprises meansfor training.
 12. The medium of claim 1, comprising: steps formonitoring or controlling a continuous stochastic process.
 13. Themedium of claim 1, wherein: the entities include consumers; the eventsinclude communications to consumers by an enterprise; the events includepurchases by consumers from the enterprise; the events includenon-purchase interactions by consumers with the enterprise; and theentity logs are obtained from a customer relationship management systemof the enterprise.
 14. The medium of claim 1, wherein: the eventsinclude both real interactions and synthesized interactions.
 15. Themedium of claim 1, wherein the assignment of the plurality of riskindices further comprises a directed cyclic graph of perceptrons. 16.The medium of claim 1, wherein the continuous stochastic processcontroller comprises a transformer architecture that maps events andrelationships therebetween to a continuous space vector representationof lower dimensionality than the mapped events, wherein location in thevector space is indicative of risk.
 17. The medium of claim 1, whereinthe continuous stochastic process controller comprises multiheadedattention.
 18. The medium of claim 1, wherein the continuous stochasticprocess controller comprises a real-time anomaly detection algorithmbased on Hierarchical Temporal Memory and Bayesian Network.
 19. Amethod, comprising: obtaining, with one or more processors, for aplurality of entities, datasets, wherein: the datasets comprise aplurality of entity logs; at least some of the plurality of entity logsare events involving the entities; at least some of the plurality ofentity logs are attributes related to the entities; at least some of theattributes are governance attributes; and the events are distinct fromthe attributes; forming, with one or more processors, a plurality ofjourneys for at least some of the plurality of entities, wherein eachjourney of the plurality of the journeys comprises: a first subset ofevents; and a first set of attributes, wherein forming the plurality ofjourneys further comprises: forming a first training dataset from thedatasets; training, with one or more processors, a firstmachine-learning model on the first training dataset by adjustingparameters of the first machine-learning model to optimize a firstobjective function that indicates interrelatedness between the eventsaccording to an ontology of events; and storing, with one or moreprocessors, the adjusted parameters of the trained firstmachine-learning model in memory; assigning, with a continuousstochastic process controller executed by one or more processors, aplurality of risk indices for at least some of the events in the firstsubset of events based on at least some of the governance attributes;and storing, with one or more processors, the plurality of risk indicesin memory.
 20. A method comprising: obtaining, with one or moreprocessors, for a plurality of entities, datasets, wherein: the datasetscomprise a plurality of entity logs; at least some of the plurality ofentity logs are events involving the entities; at least some of theplurality of entity logs are attributes related to the entities; atleast some of the attributes are governance attributes; and the eventsare distinct from the attributes; forming, with one or more processors,a plurality of journeys for at least some of the plurality of entities,wherein each journey of the plurality of the journeys comprises: a firstsubset of events; and a first set of attributes; assigning, with acontinuous stochastic process controller executed by one or moreprocessors, a plurality of risk indices for at least some of the eventsin the first subset of events based on at least some of the governanceattributes, wherein assigning the plurality of risk indices furthercomprises: forming a first training dataset from the datasets; training,with one or more processors, based on the plurality of entity logs, apredictive machine learning model to predict whether an entity, from theplurality of entities, characterized by a set of inputs to the modelwill engage in an action in the future, wherein the trained model isconfigured to make predictions based on the plurality of entity logsrelated to the entity; and storing, with one or more processors, thetrained predictive machine learning model in memory; and storing, withone or more processors, the plurality of risk indices in memory.